GLSA-200412-12 : Adobe Acrobat Reader: Buffer overflow vulnerability

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200412-12
(Adobe Acrobat Reader: Buffer overflow vulnerability)

A buffer overflow has been discovered in the email processing of
Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function,
which checks if the input file is an email message containing a PDF
file.

Impact :

A remote attacker could send the victim a specially crafted email
and PDF attachment, which would trigger the buffer overflow and
possibly lead to the execution of arbitrary code with the permissions
of the user running Adobe Acrobat Reader.

Workaround :

There is no known workaround at this time.

See also :

http://www.adobe.com/support/techdocs/331153.html
http://www.gentoo.org/security/en/glsa/glsa-200412-12.xml

Solution :

All Adobe Acrobat Reader users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/acroread-5.10'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 15993 (gentoo_GLSA-200412-12.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1152